Scribd
Upload
4 views

Les01

The document outlines the concepts of controlling user access in a database, focusing on system privileges, object privileges, and roles. It explains how to create users, grant privileges, and revoke access, emphasizing the responsibilities of a database administrator. Key statements include CREATE USER, GRANT, CREATE ROLE, ALTER USER, and REVOKE, which manage user access to database objects.

Uploaded by

15Kalaaphurnaa V 9C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
4 views

Les01

The document outlines the concepts of controlling user access in a database, focusing on system privileges, object privileges, and roles. It explains how to create users, grant privileges, and revoke access, emphasizing the responsibilities of a database administrator. Key statements include CREATE USER, GRANT, CREATE ROLE, ALTER USER, and REVOKE, which manage user access to database objects.

Uploaded by

15Kalaaphurnaa V 9C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 24

1

Controlling User Access

Copyright © 2009, Oracle. All rights reserved.


1-2 Copyright © 2009, Oracle. All rights reserved.
Objectives

After completing this lesson, you should be able to do the


following:
• Differentiate system privileges from object privileges
• Grant privileges on tables
• Grant roles
• Distinguish between privileges and roles

1-3 Copyright © 2009, Oracle. All rights reserved.


Lesson Agenda

• System privileges
• Creating a role
• Object privileges
• Revoking object privileges

1-4 Copyright © 2009, Oracle. All rights reserved.


Controlling User Access

Database
administrator

Username and password


Privileges
Users

1-5 Copyright © 2009, Oracle. All rights reserved.


Privileges

• Database security:
– System security
– Data security
• System privileges: Performing a particular action within the
database
• Object privileges: Manipulating the content of the database
objects
• Schemas: Collection of objects such as tables, views, and
sequences

1-6 Copyright © 2009, Oracle. All rights reserved.


System Privileges

• More than 100 privileges are available.


• The database administrator has high-level system
privileges for tasks such as:
– Creating new users
– Removing users
– Removing tables
– Backing up tables

1-7 Copyright © 2009, Oracle. All rights reserved.


Creating Users

The database administrator (DBA) creates users with the CREATE


USER statement.
CREATE USER user
IDENTIFIED BY password;

CREATE USER demo


IDENTIFIED BY demo;

1-8 Copyright © 2009, Oracle. All rights reserved.


User System Privileges

• After a user is created, the DBA can grant specific system


privileges to that user.
GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];
• An application developer, for example, may have the
following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE

1-9 Copyright © 2009, Oracle. All rights reserved.


Granting System Privileges

The DBA can grant specific system privileges to a user.

GRANT create session, create table,


create sequence, create view
TO demo;

1 - 10 Copyright © 2009, Oracle. All rights reserved.


Lesson Agenda

• System privileges
• Creating a role
• Object privileges
• Revoking object privileges

1 - 11 Copyright © 2009, Oracle. All rights reserved.


What Is a Role?

Users

Manager

Privileges

Allocating privileges Allocating privileges


without a role with a role

1 - 12 Copyright © 2009, Oracle. All rights reserved.


Creating and Granting Privileges to a Role

• Create a role:

CREATE ROLE manager;

• Grant privileges to a role:

GRANT create table, create view


TO manager;

• Grant a role to users:


GRANT manager TO BELL, KOCHHAR;

1 - 13 Copyright © 2009, Oracle. All rights reserved.


Changing Your Password

• The DBA creates your user account and initializes your


password.
• You can change your password by using the ALTER USER
statement.

ALTER USER demo


IDENTIFIED BY employ;

1 - 14 Copyright © 2009, Oracle. All rights reserved.


Lesson Agenda

• System privileges
• Creating a role
• Object privileges
• Revoking object privileges

1 - 15 Copyright © 2009, Oracle. All rights reserved.


Object Privileges

Object
privilege Table View Sequence
ALTER

DELETE

INDEX

INSERT

REFERENCES

1 - 16 SELECT Copyright © 2009, Oracle. All rights reserved.


Object Privileges

• Object privileges vary from object to object.


• An owner has all the privileges on the object.
• An owner can give specific privileges on that owner’s
object.

GRANT object_priv [(columns)]


ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

1 - 17 Copyright © 2009, Oracle. All rights reserved.


Granting Object Privileges

• Grant query privileges on the EMPLOYEES table:


GRANT select
ON employees
TO demo;
• Grant privileges to update specific columns to users and
roles:
GRANT update (department_name, location_id)
ON departments
TO demo, manager;

1 - 18 Copyright © 2009, Oracle. All rights reserved.


Passing On Your Privileges

• Give a user authority to pass along privileges:


GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;
• Allow all users on the system to query data from Alice’s
DEPARTMENTS table:
GRANT select
ON alice.departments
TO PUBLIC;

1 - 19 Copyright © 2009, Oracle. All rights reserved.


Lesson Agenda

• System privileges
• Creating a role
• Object privileges
• Revoking object privileges

1 - 20 Copyright © 2009, Oracle. All rights reserved.


Revoking Object Privileges

• You use the REVOKE statement to revoke privileges


granted to other users.
• Privileges granted to others through the WITH GRANT
OPTION clause are also revoked.

REVOKE {privilege [, privilege...]|ALL}


ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

1 - 21 Copyright © 2009, Oracle. All rights reserved.


Revoking Object Privileges

Revoke the SELECT and INSERT privileges given to the demo


user on the DEPARTMENTS table.

REVOKE select, insert


ON departments
FROM demo;

1 - 22 Copyright © 2009, Oracle. All rights reserved.


Summary

In this lesson, you should have learned about statements that


control access to the database and database objects.

Statement Action

CREATE USER Creates a user (usually performed by a DBA)

GRANT Gives other users privileges to access the objects

CREATE ROLE Creates a collection of privileges (usually performed by a DBA)

ALTER USER Changes a user’s password

REVOKE Removes privileges on an object from users

1 - 23 Copyright © 2009, Oracle. All rights reserved.


Practice 1: Overview

This practice covers the following topics:


• Granting other users privileges to your table
• Modifying another user’s table through the privileges
granted to you
• Creating a synonym

1 - 24 Copyright © 2009, Oracle. All rights reserved.

You might also like